We Can Help

What encryption is being used?

AES-256 is accepted by the US Government for protecting top secret data. AES is implemented in JavaScript for the LastPass.com website, and in C++ for speed in the Internet Explorer and Firefox plug-ins.

This is important because your sensitive data is always encrypted and decrypted locally on your computer before being synchronized. Your master password never leaves your computer and your key never leaves your computer. No one at LastPass (or anywhere else) can decrypt your data without you giving up your password (we will never ask you for it).

The client-side PBKDF2 yeilds the key that is used by AES256. That does not get sent to us during logins, instead we do an additional round of hashing and that hash is what is sent to us for verification. It's a one-way hash, though, so again we cannot get the key from it nor can we decrypt the data on our end. When you login, that hash is what's sent to verify if you can download your encrypted data.

Still Having Trouble?

Look for answers in our vibrant customer-to-customer community help forums.